array isUrlGenerationSafe(Twig_Node $argsNode)
Determines at compile time whether the generated URL will be safe and thus saving the unneeded automatic escaping for performance reasons.
The URL generation process percent encodes non-alphanumeric characters. So there is no risk that malicious/invalid characters are part of the URL. The only character within an URL that must be escaped in html is the ampersand ("&") which separates query params. So we cannot mark the URL generation as always safe, but only when we are sure there won't be multiple query params. This is the case when there are none or only one constant parameter given. E.g. we know beforehand this will be safe: - path('route') - path('route', {'param': 'value'}) But the following may not: - path('route', var) - path('route', {'param': ['val1', 'val2'] }) // a sub-array - path('route', {'param1': 'value1', 'param2': 'value2'}) If param1 and param2 reference placeholder in the route, it would still be safe. But we don't know.
Please login to continue.